
python2.6 - security update

Description

A regression has been identified in the python2.6 update of DLA-25-1, which may cause python applications to abort if they were running during the upgrade but they had not already imported the 'os' module, and do so after the upgrade. This update fixes this upgrade scenario.

For reference, the original advisory text follows.

Multiple vulnerabilities were discovered in python2.6. The more relevant are:

* [CVE-2013-4238](https://security-tracker.debian.org/tracker/CVE-2013-4238) Incorrect handling of NUL bytes in certificate hostnames may allow server spoofing via specially-crafted certificates signed by a trusted Certification Authority.
* [CVE-2014-1912](https://security-tracker.debian.org/tracker/CVE-2014-1912) Buffer overflow in socket.recvfrom_into leading to application crash and possibly code execution.

For Debian 6 Squeeze, these issues have been fixed in python2.6 version 2.6.6-8+deb6u2.
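The CVE-2013-4238 entry concerns NUL bytes inside certificate hostnames. The following is an added example, not code from the advisory or from Python's ssl module: a simplified model, assuming the name is consumed as a NUL-terminated string, set beside a strict comparison that a verifier can use instead. The certificate names, the domains and all function names are constructed for illustration.

```python
"""Simplified model of NUL-byte hostname confusion (not Python's ssl code)."""

# Constructed samples: dNSName values as raw bytes taken from a certificate.
# Both domains are placeholders.
CLEAN_NAME = b"www.example.com"
CRAFTED_NAME = b"www.example.com\x00.untrusted.example"


def c_string_view(raw):
    """Return what a NUL-terminated (C string) consumer sees of `raw`."""
    return raw.split(b"\x00", 1)[0]


def truncating_match(cert_name, hostname):
    """Flawed check: compares only the bytes before the first NUL."""
    return c_string_view(cert_name).lower() == hostname.encode("ascii").lower()


def strict_match(cert_name, hostname):
    """Hardened check: uses the full length and rejects embedded NULs."""
    if b"\x00" in cert_name:
        return False  # a DNS name never legitimately contains a NUL byte
    return cert_name.lower() == hostname.encode("ascii").lower()


def audit_names(names, hostname):
    """Return the names on which the flawed and strict checks disagree."""
    return [n for n in names
            if truncating_match(n, hostname) != strict_match(n, hostname)]


if __name__ == "__main__":
    host = "www.example.com"
    for name in (CLEAN_NAME, CRAFTED_NAME):
        print(repr(name), truncating_match(name, host), strict_match(name, host))
    print("disagreements:", audit_names([CLEAN_NAME, CRAFTED_NAME], host))
```

Any name returned by `audit_names` is one that a length-aware verifier rejects but a truncating verifier would accept for the requested host.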


Affected Software


| CPE Name | Name | Version |
| --- | --- | --- |
| | python2.6 | 2.6.6-8 |
